A known TCG system allows a user to couple a tamper-proof device storing a password for user authentication, such as an IC card, a smart card or a USB token, to an information processing apparatus or terminal unit, such as a notebook personal computer, a desktop personal computer or a mobile telephone, and then allows the user to decrypt and open an encrypted file on the information processing apparatus. In this system, a file of a TPM key generated in the information processing apparatus is conventionally stored on its hard disk. The TPM key includes a decryption key, which is necessary to decrypt the encrypted file, and password check information for permitting the decryption. To decrypt the encrypted file, the user loads the TPM key from the hard disk into a TPM (Trusted Platform Module), also called a security chip, and loads the password from the tamper-proof device into the TPM. When the password from the TPM key and the password from the device match, the TPM allows the encrypted file to be decrypted using an encryption/decryption key read into the TPM.
To maintain the security of the TCG system, it is necessary to regularly update the password stored in the tamper-proof device. To update the password, the tamper-proof device is coupled to the information processing apparatus, and a new password is entered through a keyboard. When a plurality of such information processing apparatuses employ the TCG system, the user must update as many passwords as there are information processing apparatuses.
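The flow in the two paragraphs above, as a simplified model added here for illustration (it is not code from the publication or from any TPM specification): a key file on disk carries the decryption key and the password check information, the chip releases the key only on a match, and each apparatus needs its own password update. The `ToyTPM` class, the SHA-256 digest used as check information and the XOR keystream standing in for a real cipher are all assumptions.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    """Toy SHA-256 counter keystream, a stand-in for a real cipher (short inputs only)."""
    pad = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def _digest(password):
    return hashlib.sha256(password.encode()).digest()

class ToyTPM:
    """Hypothetical model of the security chip: the root secret never leaves it."""
    def __init__(self):
        self._root = os.urandom(32)

    def _wrap(self, file_key, check):
        nonce = os.urandom(16)
        body = nonce + _xor_stream(self._root, nonce, file_key + check)
        return body + hmac.new(self._root, body, hashlib.sha256).digest()

    def _unwrap(self, blob):
        body, tag = blob[:-32], blob[-32:]
        expected = hmac.new(self._root, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("TPM key file was modified or belongs to another TPM")
        plain = _xor_stream(self._root, body[:16], body[16:])
        return plain[:32], plain[32:]  # decryption key, password check info

    def create_key(self, password):
        """Return the TPM key file that the apparatus keeps on its hard disk."""
        return self._wrap(os.urandom(32), _digest(password))

    def _authorize(self, blob, password):
        file_key, check = self._unwrap(blob)
        # Constant-time comparison of the offered password with the check info.
        if not hmac.compare_digest(_digest(password), check):
            raise PermissionError("password does not match the TPM key")
        return file_key

    def crypt(self, blob, password, nonce, data):
        """Encrypt or decrypt a file (XOR stream) once the passwords match."""
        return _xor_stream(self._authorize(blob, password), nonce, data)

    def change_password(self, blob, old, new):
        """Re-wrap the same decryption key with new password check info."""
        return self._wrap(self._authorize(blob, old), _digest(new))
```

Because every apparatus wraps its key file under its own chip, `change_password` has to be run once per apparatus; a key file that was not updated keeps rejecting the new token password.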
PCT International Publication WO 01/013198 (A) published on Feb. 22, 2001 discloses a computer system which is adapted to restrict operations on data. This computer system includes a computer platform having a secure operator for checking whether a user of the platform is licensed to perform a requested operation on data and for enabling use of the data; a mobile trusted module containing a user identity, wherein the trusted module is a component adapted to behave in an expected manner and resistant to unauthorized external modification; and an access profile specifying license permissions of users with respect to the data. The computer platform contains a platform trusted module, which engages in mutual authentication with the mobile trusted module and which contains a secure operator. The secure operator is adapted to check the access profile to determine whether a requested operation is licensed for the user identity contained in the mobile trusted module.